Find your next specialised financial services hire
The 1 July, 2025 deadline for CPS 230 is looming, and the clock is ticking faster than the talent pipeline is filling.
Across the financial services industry, firms are scrambling to assess risk frameworks, bolster compliance teams, and ensure operational resilience before APRA’s new regulations take effect. But there’s a problem - compliance professionals are in short supply, and competition for their expertise is fiercer than ever.
Hiring in this environment feels like a high-stakes game of musical chairs, except that when the music stops on 1 July, the consequences aren’t just awkward. They could mean fines, reputational damage, and operational disruptions that take years to fix.
Darren Kingston, a specialised financial services and risk and compliance recruiter, knows this better than most. As a dominant player in this niche market with a high level of technical knowledge relating to regulation, banking and insurance, Darren has observed the uptick in hiring for the CPS 230 requirements.
“The surge in demand for risk and compliance professionals with CPS 230 expertise is flooding the financial services employment market. Businesses are proactively hiring to embed these robust operational risk management standards for genuine resilience, safeguarding reputation, and to ensure sustainable growth in the current complex and scrutinised space.”
So, the question is: How can you secure the right compliance talent - before your competitors do?
What is CPS 230?
For hiring managers unfamiliar with the details, CPS 230 is a new APRA prudential standard that sets stricter requirements for operational risk management, business continuity planning, and third-party risk management in financial institutions.
The objective of CPS 230 is to ensure financial firms can withstand disruptions such as cyber threats, supply chain failures, or internal governance weaknesses by strengthening risk frameworks, accountability structures, and resilience measures.
When does CPS 230 come into effect?
The regulation comes into effect on 1 July, 2025. By this date, financial services firms must have compliance measures in place to meet APRA’s new standards. This deadline is a hard stop and delays in compliance could result in regulatory scrutiny, penalties, and operational risks.
This urgency is reshaping hiring needs, creating a surge in demand for compliance professionals with expertise in:
Operational risk management – Ensuring governance structures meet APRA’s expectations.
Regulatory compliance – Keeping organisations audit-ready.
Technology risk and controls – Managing cyber-security threats and third-party risks.
So much so that in the 2025 Robert Half Salary Guide, CPS 230 is listed as one of the most in-demand technical skills in financial services.
Darren says, “Not only is CPS 230 highly sought-after for permanent staff, CPS 230 and third-party risk management are one of the most in-demand areas for contract roles too. With financial institutions in urgent hiring mode, those that act early will secure the best available talent while those that hesitate may find themselves left behind.”
The CPS 230 talent gap – What’s driving the shortage?
Darren says the talent gap in CPS 230 expertise is fuelled by a confluence of factors. “It includes a relatively new and highly specific skillset demand outpacing the existing talent pool, professionals with the right blend of risk, technology, and regulatory knowledge being fiercely contested, and firms perhaps underestimating the urgency until recently. It’s a perfect storm driving significant demand and, frankly, a shortage of qualified candidates who can truly navigate this change.”
1. Demand is outpacing supply
Australia’s financial services sector has been dealing with a compliance skills shortage for years, and CPS 230 has only intensified the problem. Senior risk and compliance professionals are already stretched across multiple regulatory changes, leaving a limited talent pool available.
2. Rising compensation expectations
With demand soaring, top-tier compliance professionals are commanding higher salaries and better benefits. According to industry data, salaries for senior financial services lawyers and operational risk managers are on the rise, meaning firms that fail to adjust their compensation strategies risk losing out.
3. Global competition for compliance talent
It’s not just Australian firms that need these professionals - Singapore, London, and New York are also in the race, offering attractive packages to skilled candidates. The competition isn’t just local; it’s global.
4. Evolving skill requirements
Firms need compliance professionals who understand both regulation and technology, particularly in areas like AI-driven risk monitoring and third-party cyber risk. Many hiring managers are finding that traditional compliance skill sets aren’t enough to meet CPS 230’s demands.
How hiring managers can secure top compliance talent now
But do not fear! There is CPS 230 talent out there; you just need to know where to find it. This is where Darren comes in. Whether you’re hiring for compliance, risk or internal audit roles, our team of financial services recruiters ensures you’ll find candidates in Australia with the expertise, credentials, and cultural fit to excel in your organisation.
Darren says, “While it does sound doom and gloom, I speak to qualified candidates every single day and we are in touch with many who can meet these requirements. Working with a recruiter like me can help alleviate the stress of identifying a needle in a compliance haystack. There are ways for hiring managers to secure top compliance talent in collaboration with a recruiter including moving swiftly and offering competitive, holistic packages that recognise the criticality of their role in safeguarding the business. But even beyond money, candidates are interested in opportunities for professional growth, impact on organisational integrity, and a supportive culture that values their expertise, so highlighting these aspects is also advised.”
Move early
Waiting until Q2 2025 to fill critical compliance roles is a dangerous gamble. The best talent is already being approached by competitors, and as the deadline draws closer, the hiring pool will shrink even further.
Action step: Start recruiting now. Even if you’re not ready to hire today, building relationships with top candidates ensures you won’t be scrambling in the final months before the deadline.
Rethink compensation and perks
With salaries rising for in-demand compliance roles, firms need to offer more than just money to attract and retain talent.
Action step:
Flexible work arrangements (remote/hybrid options)
Clear career progression opportunities
Learning and development programs focused on regulatory changes
Performance-based incentives for compliance professionals who help the firm meet CPS 230 requirements
Expand your talent pool
Nearly 48% of Australian firms have already hired expat professionals to fill critical skill gaps*. With compliance talent in short supply, looking beyond Australia could be the competitive edge you need.
Action step:
Sponsoring skilled expat professionals for critical compliance roles.
Contract and interim hiring to cover urgent needs while you find permanent candidates.
Upskilling internal talent—investing in compliance training for existing employees may be a faster, more cost-effective solution.
Strengthen your employer brand in the compliance market
In a market where compliance professionals have options, firms need to position themselves as employers of choice.
Action step:
Clearly communicate your company’s commitment to regulatory excellence.
Highlight career growth opportunities in compliance and risk functions.
Engage with industry networks and thought leadership to build credibility among compliance professionals.
Secure the compliance talent you need
The Australian financial services industry is standing at a crossroads.
With CPS 230’s 1 July deadline fast approaching, firms must act decisively to secure the right talent.
Early movers will lock in top compliance professionals.
Flexible, competitive hiring strategies will win the talent war.
Delaying hiring decisions will only make compliance challenges harder to solve.
Now is the time to assess your compliance hiring strategy - before it’s too late.
Need help navigating the compliance talent market? Connect with a specialist recruiter today to find the expertise you need before demand outpaces supply.
*The data is derived from an online survey conducted by an independent research firm commissioned by Robert Half in November 2024. The survey gathered responses from 500 hiring managers and 1,000 full-time office workers in finance, accounting, business support, and IT and technology. Respondents are drawn from a sample of SMEs to large private, publicly-listed and public sector organisations across Australia.
Frequently Asked Questions (FAQs)
What does CPS stand for?
In APRA (Australian Prudential Regulation Authority) context, CPS stands for Cross-Industry Prudential Standards.
What is CPS 230 replacing?
Prudential Standard CPS 230 is replacing five existing standards: CPS 231 (Outsourcing), CPS 232 (Business Continuity Management), SPS 231 (Outsourcing for superannuation funds), SPS 232 (Business Continuity Management for superannuation funds), and HPS 231 (Outsourcing for health insurers).
Why do businesses need to prepare for CPS 230?
Businesses need to prepare for CPS 230 to ensure they are resilient to operational risks and disruptions within the financial services sector. Compliance, which becomes mandatory on 1 July 2025, is crucial for maintaining the stability and integrity of the Australian financial system and protecting depositors, policyholders, beneficiaries, and other customers.
How to prepare for CPS 230
Preparing for CPS 230 involves significant changes to how businesses manage operational risk, business continuity, and third-party service provider relationships. It requires entities to identify critical operations, set tolerance levels for disruptions, enhance risk management frameworks, and develop robust business continuity plans. Failure to prepare and comply can lead to regulatory penalties, reputational damage, and a loss of stakeholder trust.